error in this code
-
On the line: s = s & "(" & f1 & f2 & f3 & f4 & f5 & f6 & f7 & f8 & ")" You need to seperate the values with commas s = s & "(" & f1 & "," & f2 & "," & f3 & "," & f4 ... etc I would recommend using Stored procs though as you are performing no validation and are wide open to injection attacks
thanks for ur reply but it still gives the same error here what i wrote s = "insert into addcard" s = s & " (dte,op,nos,cost,coms,nii,npp )values " s = s & "(" & f1 & "," & f2 & "," & f3 & "," & f4 & "," & "," & f5 & "," & "," & f6 & "," & "," & f7 & "," & f8 & "')" cmd.CommandText = s h = cmd.ExecuteNonQuery() MsgBox("Saved succssefuly") plz give me ur feedback
-
try this code,if still there is any error let me know cmd.Connection.Close() If cn.State = ConnectionState.Closed Then cn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=ehab.mdb" cn.Open() End If cmd.Connection = cn cmd.CommandType = CommandType.Text End If Dim s As String Dim h As Integer s = 0 h = 0 f3 = "'" & ComboBox2.Text & "'," f4 = "'" & TextBox1.Text & "'," f5 = "'" & TextBox2.Text & "'," f6 = "'" & TextBox3.Text & "'," f7 = "'" & TextBox4.Text & "'," f8 = "'" & Label10.Text & "'" s = s = s & " " s = "insert into sale (dte,op,value,nos,cost,coms,nii,npp ) values('" & DateTimePicker1.Value & "','" & ComboBox1.Text & "','" & ComboBox2.Text & "','" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" & TextBox4.Text & "','" & Label10.Text & "')" cmd.CommandText = s h = cmd.ExecuteNonQuery() MsgBox("Saved succssefuly")
-
thanks for ur reply but it still gives the same error here what i wrote s = "insert into addcard" s = s & " (dte,op,nos,cost,coms,nii,npp )values " s = s & "(" & f1 & "," & f2 & "," & f3 & "," & f4 & "," & "," & f5 & "," & "," & f6 & "," & "," & f7 & "," & f8 & "')" cmd.CommandText = s h = cmd.ExecuteNonQuery() MsgBox("Saved succssefuly") plz give me ur feedback
-
thanks for ur reply but it still gives the same error here what i wrote s = "insert into addcard" s = s & " (dte,op,nos,cost,coms,nii,npp )values " s = s & "(" & f1 & "," & f2 & "," & f3 & "," & f4 & "," & "," & f5 & "," & "," & f6 & "," & "," & f7 & "," & f8 & "')" cmd.CommandText = s h = cmd.ExecuteNonQuery() MsgBox("Saved succssefuly") plz give me ur feedback
magedhv wrote:
here what i wrote s = "insert into addcard" s = s & " (dte,op,nos,cost,coms,nii,npp )values " s = s & "(" & f1 & "," & f2 & "," & f3 & "," & f4 & "," & "," & f5 & "," & "," & f6 & "," & "," & f7 & "," & f8 & "')"
Is this an exact copy from your code? If so, there is an extra ' at the end. Also, what is the type of field dte in your database? If it is a date, you cannot pass in a string, AFAIK. What is the error message you get, anyway?
-
syntex error do u have another solution i have already use this code in another form and it works well (in my first topic ) i don't know what's wrong
-
magedhv wrote:
here what i wrote s = "insert into addcard" s = s & " (dte,op,nos,cost,coms,nii,npp )values " s = s & "(" & f1 & "," & f2 & "," & f3 & "," & f4 & "," & "," & f5 & "," & "," & f6 & "," & "," & f7 & "," & f8 & "')"
Is this an exact copy from your code? If so, there is an extra ' at the end. Also, what is the type of field dte in your database? If it is a date, you cannot pass in a string, AFAIK. What is the error message you get, anyway?
-
he gives me this error msg Syntax error in INSERT INTO statement. all of the fields in database are number except dte it's type (date/time) plz help me cause it drive me crazy
magedhv wrote:
Syntax error in INSERT INTO statement. all of the fields in database are number except dte it's type (date/time)
Ok - but did you check out the suggestions I made earlier? Date fields cannot be passed in as strings to Jet databases.
-
he gives me error when i tried to enter 2 values this is the error syntax error (missing operator) in query expression '7/2/2007Vodafone'.
magedhv wrote:
syntax error (missing operator) in query expression '7/2/2007Vodafone'
It looks like you dont have the two fields separated - shouldnt it be '7/2/2007','Vodafone'... Also, the first is a date field, IIRC date fields for Jet databases should be enclosed by # not quotes.
-
magedhv wrote:
syntax error (missing operator) in query expression '7/2/2007Vodafone'
It looks like you dont have the two fields separated - shouldnt it be '7/2/2007','Vodafone'... Also, the first is a date field, IIRC date fields for Jet databases should be enclosed by # not quotes.
-
Just remember this... for text (string) variables, enclose data in quotes - like 'Vodafone' for number variables, just the value will do for date variables, enclose data with # - like #7/2/2007# and between each field, you should have a comma. Hope this helps.
-
Just remember this... for text (string) variables, enclose data in quotes - like 'Vodafone' for number variables, just the value will do for date variables, enclose data with # - like #7/2/2007# and between each field, you should have a comma. Hope this helps.
do u mean like that dim x as string x = "'" # DateTimePicker1.Value # "'" if that's what u mean the visual basic underline the last line (x = "'" # DateTimePicker1.Value # "'" ) plz try to write the whole code and note that the same code i use it with the same string in other form and it worked well
-
do u mean like that dim x as string x = "'" # DateTimePicker1.Value # "'" if that's what u mean the visual basic underline the last line (x = "'" # DateTimePicker1.Value # "'" ) plz try to write the whole code and note that the same code i use it with the same string in other form and it worked well
magedhv wrote:
x = "'" # DateTimePicker1.Value # "'"
Thats not what I mean... try this: x = "#" & DateTimePicker1.Value & "#"
-
he tell me there is an error on the insert statement and iam sure from the names of the feilds coz i copy it from database so what's wrong??? i don't know where is the error plz anyone answer me thanks cmd.Connection.Close() If cn.State = ConnectionState.Closed Then If cn.State = ConnectionState.Closed Then cn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=ehab.mdb" cn.Open() End If cmd.Connection = cn cmd.CommandType = CommandType.Text End If Dim s As String Dim h As Integer s = 0 h = 0 Dim f1, f2, f3, f4, f5, f6, f7, f8 As String f1 = "'" & DateTimePicker1.Value & "'," f2 = "'" & ComboBox1.Text & "'," f3 = "'" & ComboBox2.Text & "'," f4 = "'" & TextBox1.Text & "'," f5 = "'" & TextBox2.Text & "'," f6 = "'" & TextBox3.Text & "'," f7 = "'" & TextBox4.Text & "'," f8 = "'" & Label10.Text & "'" s = "insert into sale " s = s & " (dte,op,value,nos,cost,coms,nii,npp )values " s = s & "(" & f1 & f2 & f3 & f4 & f5 & f6 & f7 & f8 & ")" cmd.CommandText = s h = cmd.ExecuteNonQuery() MsgBox("Saved succssefuly")
Ignore ALL the other replies you've gotten in this thread. They're all crap. Drop all this string concatenation garbage and do it the correct way with a parameterized query. See this article[^] by Colin Angus Mackay for more information as to what they are and why your shooting yourself in the foot doing it your way. You're actaully making is harder on yourself by building a string for your parameters.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007 -
Ignore ALL the other replies you've gotten in this thread. They're all crap. Drop all this string concatenation garbage and do it the correct way with a parameterized query. See this article[^] by Colin Angus Mackay for more information as to what they are and why your shooting yourself in the foot doing it your way. You're actaully making is harder on yourself by building a string for your parameters.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007 -
could u plz tell me what should i do because i read this topic but i didn't understand what to do so if u have any idea about what to do simply tell me and thanks i appreciate ur efforts
I did "simply" tell you. You're building an SQL query by appending multiple strings together. This introduces the opportunity for a lot of bugs and security holes into your code. Read the article I gave you a link for and about half way down, it'll explain what a parameterized query is and how to put it together to solve most of your security and readability problems.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007